Web Worker Daily

Yesterday Google introduced a ‘remote signout’ feature for Gmail, providing a capability that sets an inportant precendent for web-based applications and indeed web workers.

Most web workers tend to hop between multiple devices to access our web applications; Gmail is a great case in point with multiple interfaces mechanisms spread across web, mobile, IMAP and POP3 formats, however it’s easy to lose track of where you’re signed in and compromise a little of your privacy and security if you’re not careful.

Remote Signout enables Gmail users to keep track of recent sessions by IP address and remotely logoff from any of those sessions if the time or location seems suspect.

Gmail inboxes, where the feature is being rolled out progressively, will include a new item in the footer labeled ‘This account is open in x other locations’ with a link to a more detailed view, as illustrated here to the left. Of course, you’ll need to know your own IP addresses to understand if any unauthorized usage is taking place, so it’s not the best user experience, though it works and is a welcome feature.

More significantly Remote Signout sets an important precedent for all web applications - namely that such a feature should be a design pattern employed in all web applications.

Oftentimes the only indication a user has of malicious use is when unusual things begin to happen within their services, in real life, or the arrival of unsolicited password reminder email in their inboxes! By wiring in the means to audit access usage of an application, one of the barriers to policing your personal security and privacy is lowered, enabling us all to be just a little more preemptively vigilant.

Learn more about Gmail’s remote signout feature at Google’s Gmail blog…

Facebook has been pilloried for not caring enough about our privacy. But now they face a call to offer data portability, something that could, if not carefully designed, compromise the privacy we so wanted last year.

Facebook disabled blogger Robert Scoble’s account after he ran automated scripts against the site. The site’s Terms of Service say that you agree not to “use automated scripts to collect information from or otherwise interact with the Service or the Site.”

The general consensus seems to be that this was Scoble’s data and so he should be able to do whatever he likes with it. But that information he’s trying to get wasn’t all his. Apparently he wanted information about his “social graph”: the friendships he has recorded on Facebook and profile data about those friends.

Even if Scoble’s Facebook friends agreed to let him view their data on Facebook, they didn’t agree to let him take that information wherever he wants to do with what he wants. He could use a screen scraping program to grab data that they consider just-among-friends and stick it out in public without any regard for their privacy settings. You might say, “Scoble wouldn’t do that” but it’s Facebook’s responsibility to see that it doesn’t happen.

Data portability could be designed into Facebook in such a way that it doesn’t compromise user’s privacy. At the very least, an opt-in to profile sharing outside Facebook would need to be provided. Allowing uncontrolled screen scraping is not the answer.